IoT Security: Industry Finally Waking Up To The Dangers

For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.

8 IoT Operating Systems Powering The Future

(Click image for larger view and slideshow.)

For the past several years, the Internet of Things has been one of the most hotly debated topics at Mobile World Congress. However, looking back on this year's expo, the discussion moved from the lack of standards to a subject that industry is only now starting to debate: the security implications of having everything connected.

What caused this sudden concern? Certainly some of the headlines form the last year helped.

In turn, those keeping an eye on IoT became more proactive than reactive on security issues.

Healthcare connected devices, for example, are one of the most dangerous targets.

Panel at "Securing The Internet of Things" session at Mobile World Congress 2016.

(Image: Pablo Valerio for InformationWeek)

In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators. He argued at a recent DefCon conference that "healthcare is 10 years behind other industries in addressing security."

The challenges of securing connectivity are also significant.

While most industrial connected devices have been using carrier-based machine-to-machine (M2M) technology based on either 2G or 3G cellular services, the security of these machines is being challenged by a switch to low-power wireless WAN technologies operating on unlicensed spectrum. These include standards such as Zigbee and WiFi 802.11ah.

While these new standards offer the possibility of connecting many more devices at lower cost, they pose bigger security challenges since anyone can access and exploit a device operating in these frequency bands.

I had the opportunity to talk with security experts from Gemalto, BlackBerry, and NXP about the present and future of securing the IoT. Most of them agree that "software cannot secure hardware" and that securing the supply chain is as critical as the final security of the device.

At MWC 2016, Gemalto, the Dutch digital security firm, announced a partnership with Jasper, a global IoT platform provider, to offer secure connections for IoT devices using Jasper's cloud-based technology. This offering will use Gemalto's advanced cryptographic software to support robust and scalable back-office platforms for authentication, encryption, and digital credential management.

In the past month, BlackBerry, which is now mostly focusing on security offerings, acquired UK firm Encription Limited, which will become part of its new Professional CyberSecurity Services practice -- a new business unit that will offer organizations consulting services, tools, and best practices.

Derek Kuhn, vice president of sales for BlackBerry IoT Division, said during a roundtable at MWC, that his company's IoT security offerings are present in over 60 million vehicles worldwide, which include everything from secured components to entire communication systems.

The automotive industry forecasts there will be 44 million automated vehicles on the roads by 2030. Many more vehicles already have some form of Internet connectivity.

NXP, the Dutch semiconductor company that helped develop NFC, demonstrated at the show the capabilities of its security technology for IoT.

This included the NFC Ring, which can be used for payment applications, secure identification, and transit applications. In addition, NXP is offering the i.MX 6Dual and i.MX 6Quad single-chip system module (SCM), which it calls the world's smallest integrated single-chip system for IoT.

There is no doubt among the experts that "the machines are coming," and we'll have tens of billions of connected devices at the beginning of the next decade. In a few years, most of the things we have and do today will be automated, measured, and controlled by the IoT ecosystem, and there is nothing we can do to stop it.

However, we do need to secure them all.

As NXP CEO Rick Clemmer told me at the show: "It is about how we take that technology and computing, and the security, to be able to make all of our lives easier, but also make it safe."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

Pablo Valerio has been in the IT industry for 25+ years, mostly working for American companies in Europe. Over the years he has developed channels, established operations, and served as European general manager for several companies. While primarily based in Spain, he has ... View Full Bio

Security is definitey an issue when it comes to the IoT. Industries like healthcare and military can really benefit from the IoT, yet there are a lot of reasons to be scared about it so far.

If security improves, the IoT will really start to make a big difference in our lives and can be implemented in the technical infrastructure.

Dr. Michael Abrams spoke about how NFMI solves a lot of the security issues that the IoT faces because of the PAN it enables. Hacking becomes a relatively impossible with NFMI because you would literally have to be within a couple feet of a person to hack their information.

He wrote an article about it on LinkedIn: https://www.linkedin.com/pulse/nfmi-connectivity-iot-michael-abrams

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.